The present disclosure relates generally to security and, more particularly, to a device and associated method for assessing and mitigating threats to computer systems and/or nodes on a network.
Next-generation cyber threats are emerging in the form of powerful Internet services and tools that automate intelligence gathering, planning, testing, and surveillance. This generation of increasingly sophisticated and automated intelligence-driven cyber attacks, which are often coordinated across multiple domains, is difficult to defeat or even understand with current technology. To defeat such cyber attacks, information assurance (IA) threats are compared against known IA signatures. The known IA signatures require remote access and local access to an intrusion prevention system (IPS). This is undesirable in that remotely accessing a network to consistently provide IA threats is cumbersome and prone to failure. A further drawback of such an approach is that signature modification of the software and/or hardware configuration of the computers or nodes of the network is required.
Accordingly, a need exists for systems and methods that utilize internal information assurance mechanisms to detect cyber attacks without requiring external modification of the software and/or hardware of the computers or nodes of a network.